xserver: Branch 'XACE-SELINUX'

Wed Mar 21 23:40:17 EET 2007

Xext/xace.c    |   10 ++++++++++
 Xext/xace.h    |   15 ++++++++-------
 Xext/xacestr.h |    8 ++++++++
 dix/dispatch.c |    7 +++----
 4 files changed, 29 insertions(+), 11 deletions(-)

New commits:
diff-tree 9c144f8ac5cea25deaa543767dbaf371d029c608 (from 2945deba1d4a7dce4f6dd0c568297a1c537fdfb4)
Author: Eamon Walsh <ewalsh at tycho.nsa.gov>
Date:   Wed Mar 21 14:39:00 2007 -0400

    xace: add XACE_SELECTION_ACCESS hook for selection redirection/access.

diff --git a/Xext/xace.c b/Xext/xace.c
index ee0f39c..2b873cb 100644
--- a/Xext/xace.c
+++ b/Xext/xace.c
@@ -147,6 +147,16 @@ int XaceHook(int hook, ...)
 	    prv = &rec.rval;
 	    break;
 	}
+	case XACE_SELECTION_ACCESS: {
+	    XaceSelectionAccessRec rec = {
+		va_arg(ap, ClientPtr),
+		va_arg(ap, Selection*),
+		TRUE	/* default allow */
+	    };
+	    calldata = &rec;
+	    prv = &rec.rval;
+	    break;
+	}
 	case XACE_SITE_POLICY: {
 	    XaceSitePolicyRec rec = {
 		va_arg(ap, char*),
diff --git a/Xext/xace.h b/Xext/xace.h
index 7360dae..020a047 100644
--- a/Xext/xace.h
+++ b/Xext/xace.h
@@ -50,13 +50,14 @@ CONNECTION WITH THE SOFTWARE OR THE USE 
 #define XACE_BACKGRND_ACCESS		7
 #define XACE_EXT_ACCESS			8
 #define XACE_HOSTLIST_ACCESS		9
-#define XACE_SITE_POLICY		10
-#define XACE_DECLARE_EXT_SECURE		11
-#define XACE_AUTH_AVAIL			12
-#define XACE_KEY_AVAIL			13
-#define XACE_AUDIT_BEGIN		14
-#define XACE_AUDIT_END			15
-#define XACE_NUM_HOOKS			16
+#define XACE_SELECTION_ACCESS		10
+#define XACE_SITE_POLICY		11
+#define XACE_DECLARE_EXT_SECURE		12
+#define XACE_AUTH_AVAIL			13
+#define XACE_KEY_AVAIL			14
+#define XACE_AUDIT_BEGIN		15
+#define XACE_AUDIT_END			16
+#define XACE_NUM_HOOKS			17
 
 extern CallbackListPtr XaceHooks[XACE_NUM_HOOKS];
 
diff --git a/Xext/xacestr.h b/Xext/xacestr.h
index bd30883..4c480a4 100644
--- a/Xext/xacestr.h
+++ b/Xext/xacestr.h
@@ -27,6 +27,7 @@ CONNECTION WITH THE SOFTWARE OR THE USE 
 #include "gcstruct.h"
 #include "windowstr.h"
 #include "inputstr.h"
+#include "selection.h"
 #include "xace.h"
 
 /* XACE_CORE_DISPATCH */
@@ -93,6 +94,13 @@ typedef struct {
     int rval;
 } XaceHostlistAccessRec;
 
+/* XACE_SELECTION_ACCESS */
+typedef struct {
+    ClientPtr client;
+    Selection *selection;
+    int rval;
+} XaceSelectionAccessRec;
+
 /* XACE_SITE_POLICY */
 typedef struct {
     char *policyString;
diff --git a/dix/dispatch.c b/dix/dispatch.c
index d44687e..498f18a 100644
--- a/dix/dispatch.c
+++ b/dix/dispatch.c
@@ -1113,7 +1113,8 @@ ProcGetSelectionOwner(register ClientPtr
         reply.type = X_Reply;
 	reply.length = 0;
 	reply.sequenceNumber = client->sequence;
-        if (i < NumCurrentSelections)
+        if (i < NumCurrentSelections &&
+	    XaceHook(XACE_SELECTION_ACCESS, client, &CurrentSelections[i]))
             reply.owner = CurrentSelections[i].window;
         else
             reply.owner = None;
@@ -1153,9 +1154,7 @@ ProcConvertSelection(register ClientPtr 
 	       CurrentSelections[i].selection != stuff->selection) i++;
 	if ((i < NumCurrentSelections) &&
 	    (CurrentSelections[i].window != None) &&
-	    XaceHook(XACE_RESOURCE_ACCESS, client,
-		     CurrentSelections[i].window, RT_WINDOW,
-		     DixReadAccess, CurrentSelections[i].pWin))
+	    XaceHook(XACE_SELECTION_ACCESS, client, &CurrentSelections[i]))
 	{        
 	    event.u.u.type = SelectionRequest;
 	    event.u.selectionRequest.time = stuff->time;

